The US National Security Agency recommends that mobile users strengthen their security

Phan Van Hoa August 9, 2024 21:38

Recently, the US National Security Agency (NSA) has made a number of recommendations for mobile users to increase security, such as restarting the phone weekly, turning off Bluetooth when not in use, not using public Wi-Fi networks, etc.

In the current digital age, mobile phones have become an indispensable part of everyone's life. However, besides the conveniences they bring, mobile phones also pose many security risks. Therefore, ensuring the safety of mobile phones is extremely important.


Users should restart their mobile phones weekly to increase security.

In a document detailing mobile phone security best practices, the NSA has recommended that users turn their mobile phones off and then back on every week to protect against zero-click attacks. Zero-click vulnerabilities are often used by attackers to eavesdrop and collect data from phones.

A zero-click vulnerability is a dangerous type of security flaw in software that allows an attacker to compromise a user's device without the user having to take any action, such as clicking a link or opening an attachment. An attacker can exploit this vulnerability to install malware, steal data, or take control of the user's device.

An attacker can exploit the vulnerability remotely without user interaction. This makes zero-click vulnerabilities much more dangerous than other types of security vulnerabilities, as there is no opportunity for the user to detect or prevent the attack.

Additionally, turning your mobile phone off and on again can also mitigate the threat of spear-phishing attacks, which are highly targeted email phishing attacks against specific individuals or organizations. Unlike regular phishing attacks, spear-phishing attacks are more sophisticated and personalized, so that victims believe they are receiving a legitimate email from a trusted person or organization.

However, the NSA document also warns that turning off and on a mobile phone sometimes only partially prevents these attacks from succeeding, and is not an absolute safety measure.

The US National Security Agency also said: “Threats to mobile devices are becoming more prevalent, increasing in both scale and complexity. Some smartphone features, although convenient, come at the expense of security. Therefore, mobile users should do something to proactively secure their devices and data.”

It's important to note that these recommendations aren't a silver bullet for all security issues. While they're helpful general recommendations, turning your device off and back on won't work against many of the more advanced malware and spyware threats that are programmed to reload upon reboot.

In fact, many users already restart their phones as a simple way to refresh the system after a long period of continuous operation, clearing background applications and the cache so the phone runs more smoothly. Restarting the phone can also resolve some mobile signal problems and improve reception.

Turn off Bluetooth when not in use, and avoid public Wi-Fi networks and public charging stations, etc.

The NSA also recommends that mobile phone users turn off Bluetooth when not in use, update their devices as soon as new operating system and application updates are available, and turn off location services when not needed.

As we can see, much of the advice is about choosing between security and convenience. Additionally, the NSA recommends against using public Wi-Fi and public charging stations, even though many security experts believe the risk in most real-world use cases is quite low. This may be inconvenient for many smartphone users.

When it comes to public Wi-Fi, there is a difference between potential risks and the actual risks users face. While hackers can exploit unsecured networks for malicious purposes, this usually involves tricking unsuspecting users into connecting to their Wi-Fi hotspot instead of the one provided by a train station, airport, or coffee shop.

This is a type of Wi-Fi network attack in which the attacker uses a fake Wi-Fi access point with the same or similar name to the legitimate Wi-Fi network that the user intends to connect to. Thus, when the user intends to connect to the legitimate Wi-Fi network, they are unwittingly connected to the fake Wi-Fi access point created by the cybercriminal.
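The check below illustrates how the fake access point described above can be spotted in a Wi-Fi scan. It is an added example, not part of the NSA or NCSC guidance: the scan results are constructed, and the allowlist of operator-published BSSIDs (`KNOWN`) and the similarity threshold are assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed scan results (SSID, BSSID, security); not from a real network.
SCAN = [
    ("Airport_Free_WiFi", "a4:11:22:33:44:01", "WPA2"),
    ("Airport_Free_WiFi", "a4:11:22:33:44:02", "WPA2"),
    ("Airport_Free_WiFi", "0e:de:ad:be:ef:10", "OPEN"),   # same name, unlisted radio
    ("Airport-Free-WiFi", "0e:de:ad:be:ef:11", "OPEN"),   # similar name
    ("CoffeeShop", "b8:00:00:00:00:01", "WPA2"),
]

# Hypothetical allowlist: BSSIDs the venue operator has published per SSID.
KNOWN = {"Airport_Free_WiFi": {"a4:11:22:33:44:01", "a4:11:22:33:44:02"}}


def normalize(ssid):
    """Lower-case and drop punctuation so 'Free-WiFi' and 'Free_WiFi' compare equal."""
    return "".join(c for c in ssid.lower() if c.isalnum())


def find_suspects(scan, known, threshold=0.85):
    """Return (ssid, bssid, reason) for access points that imitate a known network."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security))

    findings = []
    for ssid, aps in by_ssid.items():
        if ssid in known:
            # Same name: every advertising radio must be on the operator's list.
            for bssid, security in aps:
                if bssid not in known[ssid]:
                    findings.append((ssid, bssid, f"same name, unlisted BSSID ({security})"))
            continue
        # Different name: flag it if it is nearly identical to a known SSID.
        for legit in known:
            score = SequenceMatcher(None, normalize(ssid), normalize(legit)).ratio()
            if score >= threshold:
                findings.extend((ssid, b, f"look-alike of {legit}") for b, _ in aps)
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SCAN, KNOWN):
        print(finding)
```

A BSSID can itself be copied by an attacker, so a clean result from this check does not prove that a network is genuine.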

To stay safe in public, the UK's National Cyber Security Centre (NCSC) also recommends that users connect to 4G or 5G mobile networks, as they have built-in security features. Users can also use the tethering feature on most mobile devices to connect their laptop to their smartphone's network, which is useful when performing sensitive activities such as online banking.

Additionally, the NSA recommends that users use a “strong” PIN or lock screen password, with at least six characters, and that the phone be set to automatically erase data after 10 incorrect entries and automatically lock after five minutes of inactivity.

Cybersecurity expert Oliver Page, CEO of Cybernut (UK) Cybersecurity Company, said that users should create strong, unique passwords for each account using a password manager and avoid using common phrases as well as reusing passwords across multiple accounts.

The NSA further warns that opening email attachments and links, even if the sender appears legitimate, is a bad idea, as senders can easily pass on malicious content inadvertently or may have had their account compromised. Oliver Page also recommends users learn to recognize phishing attempts by checking the sender's email address, verifying the website address, and reviewing the email content for signs of tampering.

And the recommendations of the US Federal Communications Commission

In addition to the recommendations issued by the NSA, the Federal Communications Commission (FCC), an independent agency of the US government, has also issued a number of practical security recommendations for smartphone users. While some of the FCC's recommendations overlap with those of other government and law enforcement agencies, there are a few points worth noting.

Do not change the default security settings of your smartphone: According to the FCC, interfering with a phone's factory settings, such as jailbreaking or directly interfering with the system to gain privileged access (rooting), weakens the built-in security features provided by mobile service providers and smartphone manufacturers, making the device more vulnerable to attacks.

Be careful when granting permissions to apps: The FCC warns that understanding app permissions is important because they can be used to bypass certain security features. While modern mobile operating systems have made these permissions more transparent, it is still important to be aware of potential dangers. According to the FCC, users should be cautious when granting apps access to personal information on their phones or allowing apps to perform functions on their mobile phones.

Set up remote access disablement and remote data wipe for mobile phones: By setting up remote access disablement and remote data wipe, users can protect their phones from unauthorized access and protect their personal data in case of loss or theft.

Wipe data and factory reset before selling or discarding phone: Finally, always wipe data from the user's mobile phone and factory reset it before selling or discarding the phone to ensure important data does not fall into the hands of others.

According to Forbes